“Contagious Interview” Targets macOS with FlexibleFerret Malware
2025-02-06 • Hive Pro
https://hivepro.com/wp-content/uploads/2025/02/TA2025031.pdf
This attack exploits job seekers and developers, tricking them into installing malware disguised as legitimate applications. These tactics align with previously documented North Korean cyber-espionage campaigns. Beyond targeting job seekers, the attackers have expanded their reach to GitHub developers, creating fake issues on repositories to spread FERRET malware droppers. The malware establishes persistence by modifying the user's Library LaunchAgents folder, masquerading as a legitimate system service.